Symantec Product Security: Norton Personal Firewall 2004 ActiveX Control vulnerability
SYM07-007
May 16, 2007
Symantec Norton Personal Firewall 2004 ActiveX Control Buffer Overflow
Risk Impact
Medium
Affected Products
Norton Internet Security 2004
Norton Personal Firewall 2004
Details
CERT notified Symantec that a buffer overflow exists in an ActiveX Control used
by Norton Personal Firewall. The error occurs in the Get() and Set() functions
used by ISAlertDataCOM, which is part of ISLALERT.DLL. A successful exploit of
this vulnerability could potentially allow the remote execution of code on a
vulnerable system, with the rights of the logged-in user.
Symantec Response
Symantec product engineers have determined that the issue affects Norton
Personal Firewall and Norton Internet Security 2004 only. Product updates to
correct the problem are available through LiveUpdate.
To successfully exploit this vulnerability, an attacker would need to entice
the user to view a specially crafted HTML document. This type of attack is
often achieved by sending email containing a link to the malicious site, and
persuading the recipient to click on the link.
Symantec is not aware of any customers impacted by this issue, or of any
attempts to exploit the issue.
As a part of normal best practices, users should keep vendor-supplied patches
for all application software and operating systems up-to-date. Symantec
recommends any affected customers update their product immediately to protect
against potential attempts to exploit this vulnerability.
How to obtain the update
Norton Internet Security and Norton Personal firewall 2004 users who normally
run manual LiveUpdate to obtain product updates can also obtain this update
through the same process.
If you have not previously installed all available product updates, you will
need to obtain those updates first. You will need to modify your LiveUpdate
settings to connect to the archive LiveUpdate server to obtain the previous
product updates.
Please see this Knowledgebase article for information:
How to obtain the programs updates that are archived on Symantec LiveUpdate
server
http://service1.symantec.com/SUPPORT/sharedtech.nsf/docid/2007010219171513
After you have downloaded and installed all available updates from the archive
server, you will be able to download the update for this vulnerability.
Mitigation
Symantec has released IPS signatures for the Symantec products listed below, to
detect attempts to exploit this vulnerability:
Symantec Client Security SU# 62 and later
Norton Internet Security SU# 50 and later
Symantec Gateway Security SU# 46 and later
Symantec Network Security SU# 81 and later
Credit
Symantec would like to thank Will Dormann of the CERT Coordination Center
(http://www.cert.org/certcc.html) for reporting this issue and coordinating
with us on the response.
Future updates to this adivsory, if needed, will be available here:
http://www.symantec.com/avcenter/security/Content/2007.05.16.html
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Symantec Product Security Team
-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.6 (Build 6060)
iQEVAwUBRktziP9Lqygkbb6BAQjETgf+KSkztR+vcdeBHw3ehiOTWtlCbgGZWhOK
sPlfIq5n/26xeIA+oCrnN3li28nYqpf/qpvlJXrz8TfbHHZ8CiE2lIGsKIPDwoqX
ihLgNE29FCNZy+148TqIjyDzDvF2Skt2OVNeCjvJf/uSN380cGS2s9uBOIm9L0Lc
CSIpX9OjTs+Gw/fMYNRz946TNYHbYyDMu80tk1jOSewGthEw+b9pCZcz0jX45w5T
usycg/JHWAwgtJdcgogINQxtm1iSHco74XBWJGWNmsz0aSINi7AQ2bTKYMP3GbHq
wWgdfkmSeyeidQ5ndOFz/qoAreO65tzRi7zqeEtD0yWaG5LwyYFhVw==
=uUcA
-----END PGP SIGNATURE-----